Guest

Cisco Videoscape Distribution Suite for Internet Streaming

Release Notes for Cisco CDA Visual Quality Experience Application, Release 3.1

 Feedback

Table Of Contents

Release Notes for Cisco CDA Visual Quality Experience Application, Release 3.1

Contents

Introduction

New and Changed Features and Functionality

VQE Release 3.1 New and Changed Features and Functionality

VQE Release 3.0 New and Changed Features and Functionality

System Requirements

Important Notes

Significant Changes to Be Aware of When Upgrading to VQE Release 3.1

Significant Changes to the Set of Parameters Used to Configure VQE

Configuring Trusted Channel-Provisioning Servers for VQE-S Is Required

Security Restrictions for Logins and Root Privileges

Limitations and Restrictions

VQE SDP Channel Information Compatibility

Changing System Time Causes Unicast Retransmission and RCC Disruptions

Performing a Date and Time Change with NTP

Performing a Date and Time Change with the Linux date Command

Routes May Not Be Carried Forward from VQE Release 2.1 to Release 3.1

Load Balancing May Not Work Correctly When More Than Four VQE-S Servers Are Attached to an Edge Router

For OSPF Routing, Ethernet Interfaces Require a Direct Layer-3 Connection to Router

Open Caveats

Resolved Caveats

Known Problems

Random "rtc: lost some interrupts at 8192Hz." Messages Displayed on Serial Console

Deprecated sysctl Message Displayed on Serial Console

Installing VQE Release 3.1 Software

VQE Software Installation Types

ISO Clean Installation

ISO Full Upgrade

VQE Incremental Upgrade

Downloading VQE Software from Cisco.com

Backing Up VQE Release 2.1 Files Before Upgrading or Installing Software

Using an ISO Full Upgrade to Upgrade from VQE Release 2.1 to Release 3.1

Using an ISO Clean Installation to Install VQE Release 3.1 on a VQE Release 2.1 System

Upgrading VQE Software from Release 3.0 to Release 3.1

Backing Up VQE Release 3.0 Files Before Upgrading or Installing Software

Using a VQE Incremental Upgrade to Upgrade from VQE Release 3.0 to Release 3.1

Using an ISO Full Upgrade to Upgrade from VQE Release 3.0 to Release 3.1

Using an ISO Clean Installation to Install VQE Release 3.1 on a VQE Release 3.0 System

Migrating Channel-related Files from VQE Release 2.1 to VQE Release 3.1

Creating VCPT Configuration Files for Release 3.1

Creating VQE-S and VQE-C Channel Configuration Files for Release 3.1

Supporting Software Hardening Guides and VQE

Linux Security Checklist

The 60 Minute Network Security Guide

Notices

OpenSSL/Open SSL Project

License Issues

GNU General Public License Information

Related Documentation

Obtaining Documentation and Submitting a Service Request


Release Notes for Cisco CDA Visual Quality Experience Application, Release 3.1


Revised: October 24, 2008, OL-18138-01

Contents

These release notes contain the following sections:

"Introduction" section

"New and Changed Features and Functionality" section

"System Requirements" section

"Important Notes" section

"Limitations and Restrictions" section

"Open Caveats" section

"Resolved Caveats" section

"Known Problems" section

"Installing VQE Release 3.1 Software" section

"Migrating Channel-related Files from VQE Release 2.1 to VQE Release 3.1" section

"Supporting Software Hardening Guides and VQE" section

"Notices" section

"Related Documentation" section

"Obtaining Documentation and Submitting a Service Request" section

Introduction

Cisco CDA Visual Quality Experience Application (VQE), Release 3.1, offers service providers a set of technologies and products associated with the delivery of IPTV video services. VQE is designed to improve the quality of IPTV services and subscribers' viewing experiences. VQE is part of a Cisco end-to-end solution that builds video awareness into the network infrastruture. For Release 3.1, VQE technology is intended for wireline operators who offer managed broadcast (multicast) IPTV services using xDSL.

Cisco Content Delivery Application (CDA) Visual Quality Experience Application, Release 3.1, includes these major software components:

VQE Server (VQE-S)—Software that runs on a Linux-based Cisco Content Delivery Engine 110 (CDE110) appliance located in the intelligent edge of the service-provider's network.

VQE Client (VQE-C)—Software embedded in the subscriber's CPE—typically a set-top box.

These release notes cover VQE Server software and two related software components: VQE Channel Provisioning Tool (VCPT) and VQE Client Channel Configuration Delivery Server (VCDS).

For information on VQE Server, VQE Channel Provisioning Tool, and VQE Client Channel Configuration Delivery Server, see the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1.

For information on VQE Client, see the documentation that is provided in the TAR file containing the VQE Client software.

New and Changed Features and Functionality

The following sections provide a summary of new and changed VQE features and functionality relevant to VQE Release 3.1:

"VQE Release 3.1 New and Changed Features and Functionality" section

"VQE Release 3.0 New and Changed Features and Functionality" section

VQE Release 3.1 New and Changed Features and Functionality

The new features and functionality in VQE Release 3.1 include the following:

A dynamic routing feature, which uses the Open Shortest Path First (OSPF) protocol, is supported for VQE-S traffic on the VQE-S server. In previous VQE releases, only static routing was supported. The use of OSPF routing eliminates the limitations of static routing.

On the VQE-S server, the Quagga routing package provides the OSPF routing capability.

The VQE Startup Configuration Utility and the Configuration Tool have been enhanced to support OSPF configuration on the VQE-S server.

VQE-S Application Monitoring Tool (AMT) has been enhanced to provide information on OSPF routing.

VQE-S performance has been improved and now provides up to 2 Gbps of output bandwidth.

VQE Release 3.1 software installation mechanisms include a VQE incremental upgrade and an ISO full upgrade that can be used to upgrade from VQE Release 3.0 to Release 3.1.

For information on configuring OSPF and using the VQE Startup Configuration Utility, the VQE Configuration Tool, and VQE-S AMT, see the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1.

For information on VQE software installation, see the "Installing VQE Release 3.1 Software" section.

VQE Release 3.0 New and Changed Features and Functionality

If you are upgrading from VQE Release 2.1 to Release 3.1, the new features and changed functionality introduced in VQE Release 3.0 will affect your deployment:

Rapid Channel Change (RCC)

RCC support in VQE Channel Configuration Tool (VCPT) and VQE Application Monitoring Tool (AMT)

VQE Configuration Management System (CMS) including:

VQE Configuration Database (VCDB)

VQE Configuration Tool and VQE Configuration Engine

VCDB Parser

vqe_cfgtool command

Support for Differentiated Services Code Point (DSCP) values on IPTV-related packets

Support for RTP Control Protocol (RTCP) Extended Reports and the Extended Report (XR) packet type. Three XR report block types are supported:

Loss RLE (run-length encoded)

Statistics Summary

Post-Repair Loss RLE

The changed functionality in VQE Release 3.0 includes the following:

The set of VQE parameters have been simplified and enhanced with the addition of system and network parameters. See the "Significant Changes to the Set of Parameters Used to Configure VQE" section.

The Cisco VQE Startup Configuration Utility for VQE-S and VQE Tools initial configuration has been improved to make use of VQE CMS functionality and includes new configuration capabilities.

For security purposes, Cisco VQE Release 3.1 requires that the VQE-S host be configured with the IP addresses of the trusted channel-provisioning servers (for example, VCPT). See the "Configuring Trusted Channel-Provisioning Servers for VQE-S Is Required" section.

The major VQE and system processes are implemented as Linux services. The services are managed using the Linux service command. The /etc/inittab file is no longer used for starting the process_monitor process. See the "Significant Changes to Be Aware of When Upgrading to VQE Release 3.1" section.

System Requirements

VQE Server runs on one Content Delivery Engine 110 (CDE110) appliance. VQE Channel Provisioning Tool and VQE Client Channel Configuration Delivery Server run on a separate CDE110 appliance.

The Cisco CDE110 comes with the required software pre-installed—either VQE Server software or Tools (VQE Channel Provisioning Tool and VQE Client Channel Configuration Delivery Server) software. In each case, the required Linux, Apache web server, and other software is also pre-installed.

To access the VQE-S Application Monitoring Tool (VQE-S AMT or AMT) or the VQE Channel Provisioning Tool, you need a web browser. For these tools, the following web browsers are supported:

Microsoft Internet Explorer version 6.0 or later

Mozilla Firefox version 2.0 or later

The minimum screen resolution required for VQE-S AMT and VCPT is 1024 x 768 pixels.

To display the Channels Status Summary graph of active, inoperative, and inactive channels in the AMT VQE-S Status window, Adobe Flash Player must be installed on the computer that hosts the browser accessing AMT. Adobe Flash Player is free and can be found at this URL:

http://get.adobe.com/flashplayer/

Important Notes

The following important notes apply only if you are upgrading from VQE Release 2.1 to Release 3.1:

Significant Changes to Be Aware of When Upgrading to VQE Release 3.1

Significant Changes to the Set of Parameters Used to Configure VQE

Configuring Trusted Channel-Provisioning Servers for VQE-S Is Required

The following important note applies to all VQE Release 3.1 installations:

Security Restrictions for Logins and Root Privileges

Significant Changes to Be Aware of When Upgrading to VQE Release 3.1

If you are upgrading from Cisco VQE Release 2.1 to Release 3.1, be aware of these significant changes that were implemented in Cisco VQE Release 3.0 and later releases.

The mechanisms used for configuring the Cisco Content Delivery Engine 110 (CDE110) servers that host VQE Server and VQE Tools have changed:

Starting with Cisco VQE Release 3.0, the VQE Configuration Management System (CMS) is used to configure VQE, system, and network parameters on both the VQE Server and VQE Tools hosts. For information on the VQE Configuration Management System (CMS), see Chapter 6, "Configuring VQE Server and VQE Tools," in the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1.

Starting with VQE Release 3.0, the vqes.conf file is no longer used on the VQE Server host. (This file was not used on the VQE Tools host.) The vqes.conf file has been replaced by the VQE Configuration Database (VCDB) and vcdb.conf file, which is used on both the VQE Server and VQE Tools hosts. For information on VCDB and the vcdb.conf file, see Chapter 6, "Configuring VQE Server and VQE Tools," in the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1.

The set of VQE-S options that were used in the Release 2.1 vqes.conf file have been replaced by the set of VCDB parameters that are used vcdb.conf file.

For information on the correspondence between the VQE Release 2.1 options and Release 3.0 and Release 3.1 parameters, see the "Significant Changes to the Set of Parameters Used to Configure VQE" section.

For complete information on the set of VCDB parameters, see Appendix A, "VQE, System, and Network Parameters," in the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1, and see also the /etc/opt/vqes/vcdb.conf.sample file.

Starting with Cisco VQE Release 3.0, the major VQE and system processes are implemented as Linux services. Table 1 lists the VQE Release 3.1 services. The services are managed using the Linux service command. The /etc/inittab file is no longer used for starting the process_monitor process. For information on configuring, starting, and monitoring the VQE and system services, see Appendix D, "Manual Initial VQE System Configuration," in the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1.

Table 1 Cisco VQE Release 3.1: VQE and System Services  

Service
Description

vqes

Used on the VQE Server host only, VQE-S service (process_monitor process) starts and monitors the other VQE-S processes—Control Plane, Data Plane, Multicast Load Balancer, and STUN Server.

vcds

Used on the VQE Tools host only, VQE Client Channel Configuration Delivery Server (VCDS) service

sshd

Secure Shell daemon.

httpd

HyperText Transfer Protocol daemon (the Apache web server).

tomcat5

Apache Tomcat application server.

snmpd

(Optional) SNMP daemon.

snmpsa

(Optional) SNMP subagent.

ntpd

(Optional) Network Time Protocol (NTP) daemon.

                                      If OSPF is selected as the routing type

watchquagga

The Quagga watchdog process. If the ospfd or zebra daemon crashes or hangs, watchquagga restarts it automatically.

ospfd

The OSPF daemon.

zebra

The zebra daemon.


Significant Changes to the Set of Parameters Used to Configure VQE

Starting with VQE Release 3.0, the number of parameters used to configure the VQE-S and VQE Tools servers has been simplified and enhanced to make the configuration tasks easier to accomplish. In previous VQE releases, the vqes.conf options included many internal options that are useful for Cisco engineering testing but are unlikely to be useful in a deployment. These internal options are not available in the VQE Release 3.1 vcdb.conf file.


Note If you use an ISO full upgrade to upgrade from VQE Release 2.1 to VQE Release 3.1, these internal options are not carried over into your VQE Release 3.1 configuration.


Table 2 lists the vqes.conf options that were used in VQE Release 2.1 and the corresponding VCDB parameters that are used in VQE Release 3.1. If you use an ISO full upgrade to upgrade from VQE Release 2.1 to VQE Release 3.1, the vqes.conf options in Table 2 are translated into VCDB parameters and carried over into your VQE Release 3.1 configuration.

If a vqes.conf option is not shown in Table 2, no VCDB (vcdb.conf) parameter is available for this option in VQE Release 3.1.

Table 2 Old vqes.conf Options and Corresponding VCDB Parameters  

Old vqes.conf Option
Corresponding VCDB Parameter

                               VQE-S Control Plane Options

burst-rate

vqe.vqes.excess_bw_fraction

client-er-policing

vqe.vqes.client_er_policing

client-er-tb-depth

vqe.vqes.client_er_tb_depth

client-er-tb-rate-ratio

vqe.vqes.client_er_tb_rate_ratio

er-cache-time

vqe.vqes.er_cache_time

exporter-enable

vqe.vqes.exporter_enable

log-level

vqe.vqes.log_priority (In VQE Release 3.0 and later releases, this parameter specifies the logging level for all VQE-S processes.)

rtp-hold-time

vqe.vqes.rtp_hold_time

vqm-host

vqe.vqes.vqm_host

vqm-port

vqe.vqes.vqm_port

                           VQE-S Data Plane Process Options

rtp-inactivity-tm

vqe.vqes.rtp_inactivity_timeout

                     Multicast Load Balancer Process Options

interface

vqe.vqes.vqe_interfaces

unicast-reservation

vqe.vqes.unicast_reservation


In VQE Release 2.1, the STUN Server was enabled by specifying run = true; in the STUN Server process definition in vqes.conf. Starting with VQE Release 3.1, the STUN Server is enabled by default, and the VCDB parameter vqe.vqes.stun_enable is used to enable or disable the STUN Server.

For complete information on the set of VCDB parameters, see Appendix A, "VQE, System, and Network Parameters," in the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1 and also see the /etc/opt/vqes/vcdb.conf.sample file.

Configuring Trusted Channel-Provisioning Servers for VQE-S Is Required

For security purposes, Cisco VQE Release 3.0 and later releases require that the VQE-S host be configured with the IP addresses of the trusted channel-provisioning servers (for example, VCPT). This configuration can be accomplished with the Cisco VQE Startup Configuration Utility or with the VCDB parameter vqe.iptables.trusted_vcpt. For information on VQE-S host configuration, see the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1.


Note If the IP address of the trusted channel-provisioning server is not configured on the VQE-S host, VQE-S will reject attempts by the channel-provisioning server to send channel information to the VQE-S host.


Security Restrictions for Logins and Root Privileges

For security reasons, the following restrictions apply to VQE.

The root user cannot use Secure Shell (SSH) to log in to a CDE110 that hosts VQE-S or VCPT. Also, the root user cannot log in to VQE-S AMT or VCPT. The vqe user should be used instead. The vqe user is a pre-created Linux user ID and has its password set during CDE110 initial system configuration.

Only users in the wheel group can use the su or sudo commands. By default, the vqe user is in the wheel group.

If you want to add user accounts to the wheel group so that additional users can use su and sudo, log in as root and issue the following command:

usermod -G wheel username

In the preceding, username specifies the user who will be added to the wheel group.

HERE

Limitations and Restrictions

Cisco CDA Visual Quality Experience Application, Release 3.1, technology is intended for wireline operators who offer managed broadcast (multicast) IPTV services using xDSL.

See the following sections for information on other limitations and restrictions in Cisco VQE, Release 3.1:

"VQE SDP Channel Information Compatibility" section

"Changing System Time Causes Unicast Retransmission and RCC Disruptions" section

"Routes May Not Be Carried Forward from VQE Release 2.1 to Release 3.1" section

"Load Balancing May Not Work Correctly When More Than Four VQE-S Servers Are Attached to an Edge Router" section

"For OSPF Routing, Ethernet Interfaces Require a Direct Layer-3 Connection to Router" section

VQE SDP Channel Information Compatibility

Cisco VQE channel configuration information in Session Description Protocol (SDP) format is sent to VQE Servers and VQE Clients. VQE-S and VQE-C create channel configuration files from the information received.

Set-top boxes with VQE-C Release 2.1, 3.0, and 3.1 can be used in the same deployment. VQE-C Release 2.1, 3.0, and 3.1 can read Release 2.1, 3.0, and 3.1 channel configuration files.

Table 3 and the notes that follow the table provide the SDP channel configuration compatibility requirements for VQE Release 2.1, 3.0, and 3.1.

Table 3 SDP Channel Information Compatibility Requirements

VQE Version SDP
VQE-S 2.1
VQE-C 2.1
VQE-S 3.0
VQE-C 3.0
VQE-S 3.1
VQE-C 3.1

VQE 2.1 SDP

     Yes

     Yes

     Yes **

     Yes ** 

     Yes **

     Yes ** 

VQE 3.0 SDP

     Yes *

     Yes *

     Yes

     Yes

     Yes

     Yes

VQE 3.1 SDP

     Yes *

     Yes *

     Yes

     Yes

     Yes

     Yes


* When VQE-S or VQE-C Release 2.1 receives a channel configuration for a VQE Release 3.0 feature that it does not support, the new feature is ignored, but all Release 2.1 functionality will operate without change.

** Release 2.1 channel configuration files created with VCPT are usable with the Release 3.0 or 3.1 version of VQE-S, VCDS, and VQE-C. When a Release 2.1 channel configuration file is used, new VQE Release 3.0 or 3.1 functionality will not be used because it is not configured.


Note Release 3.0 and 3.1 VQE Channel Provisioning Tool (VCPT) opens and automatically converts Release 2.1 SDP to Release 3.0/3.1 SDP (which are identical).


For information on the migrating channel-related files from VQE Release 2.1 to Release 3.1, see the "Migrating Channel-related Files from VQE Release 2.1 to VQE Release 3.1" section.

Changing System Time Causes Unicast Retransmission and RCC Disruptions

When the system time is changed on a VQE-S server that is actively repairing network errors, all Unicast Retransmissions will stop indefinitely, and output gaps will be seen on the VQE Clients.

When the system time is moved forward, the VQE-S receives requests for Unicast Retransmission and Rapid Channel Change (RCC) but does not send the repairs/RCCs to the VQE Clients on the set-top boxes.

When the system time is moved backward, all channels go to an inactive state and no Unicast Retransmission and RCC operations are performed.

For a VQE-S server that is actively repairing network errors, an explicit system time change (that is, by using the date command) will always result in the failure of Unicast Retransmission and RCC operations until corrective action is taken.

Workaround: Any time change performed on the VQE-S system should be done during a maintenance window. The procedures for changing the date and time vary depending on whether Network Time Protocol (NTP) or the Linux date command is used. See one of the following sections:

"Performing a Date and Time Change with NTP" section

"Performing a Date and Time Change with the Linux date Command" section


Note Using the local clock is not the recommended procedure for running with accurate time. Using NTP is recommended to keep the VQE-S services operational.


Performing a Date and Time Change with NTP

When performing a date and time change with NTP, do the following:


Step 1 Log in as root.

Step 2 Stop the VQE-S services by issuing the following command:

[root@system]# service vqes stop

Step 3 Stop the ntpd service by issuing the following command:

[root@system]# service ntpd stop 

Step 4 If needed, set the time zone with the vqe_cfgtool command's -config option. Use the Configuration Tool's System Parameters menu and the Timezone choice.

Step 5 Set the system date and time to a date and time close to the NTP server date and time by issuing the following command:

date -s "date_time_string"

For example:

[root@system]# date -s "16:55:30 July 7, 2008"

Step 6 Synchronize the clock to the configured NTP servers by issuing the following command:

[root@system]# ntpd -q

If the system clock is off by a lot, the command will take considerable time to return.

Step 7 Start the ntpd service by issuing the following command:

[root@system]# service ntpd start 

Step 8 Synchronize the hardware clock by issuing the following command:

[root@system]# /sbin/hwclock --systohc 

Step 9 Check NTP synchronization

[root@system]# ntpq -p 

Step 10 Reboot the VQE-S server by issuing the following command:

[root@system]# init 6 


Performing a Date and Time Change with the Linux date Command

When performing a time/date change with the Linux date command only, perform the following commands:


Step 1 Log in as root.

Step 2 Stop the VQE-S services by issuing the following command:

[root@system]# service vqes stop

Step 3 If needed, set the time zone with the vqe_cfgtool command's -config option. Use the Configuration Tool's System Parameters menu and the Timezone choice.

Step 4 Set the system date and time by issuing the following command:

date -s "date_time_string"

For example:

[root@system]# date -s "16:55:30 July 7, 2008"

Step 5 Synchronize the hardware clock by issuing the following command:

[root@system]# /sbin/hwclock --systohc 

Step 6 Reboot the VQE-S server by issuing the following command:

[root@system]# init 6 


Routes May Not Be Carried Forward from VQE Release 2.1 to Release 3.1

When upgrading from VQE Release 2.1 to Release 3.1 with an ISO full upgrade for a VQE-S host or a VQE Tools host, some or all of the routes, including the management route, may not be carried forward from Release 2.1 to Release 3.1.

Since there are many ways routes could possibly have been configured on a Release 2.1 system, such as using multiple route files, ISO full upgrades cannot support all possible configurations. ISO full upgrades do carry forward to VQE Release 3.1 the routes that were configured through the VQE 2.1 Startup Configuration Utility. All other route configurations are considered best effort.


Note This is a one-time issue when upgrading from VQE Release 2.1 to Release 3.1. When the Release 3.1 VQE Configuration Database (VCDB) is used, VQE supports upgrade of routes configured with VCDB.


Workaround: Add any missing routes using the VQE CMS system and VCDB. For information on the VQE CMS, see Chapter 6, "Configuring VQE Server and VQE Tools," in the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1.

Load Balancing May Not Work Correctly When More Than Four VQE-S Servers Are Attached to an Edge Router

With Cisco routers, there is a limitation in the edge router: Only the first 16 route matches for Feedback Target addresses are considered when routing requests to the VQE-S servers from the access network. Therefore, not more than four VQE-S servers that serve the same Feedback Target addresses can be attached to the edge router if each of the four VQE-S servers use four Ethernet interfaces to service Unicast Retransmission and RCC requests. If more than four VQE-S servers are attached to the edge router and are serving the same Feedback Target addresses, load balancing across the VQE-S servers will not work correctly.

For OSPF Routing, Ethernet Interfaces Require a Direct Layer-3 Connection to Router

For OSPF routing on the VQE-S server, the Ethernet interfaces used for VQE-S traffic must have a direct Layer-3 connection to the edge router.

Open Caveats

VQE Release 3.1 contains the following open caveats:

CSCsi67816

Manual startup or restart of tomcat5 service daemon fails.

The symptom is that the VQE-S Application Management Tool (AMT) does not work and simple restarts of the tomcat5 service fail to clear the problem. The tomcat 5 service is required for the VQE-S AMT to operate.

In some conditions, an attempt to restart the tomcat5 service fails and leaves tomcat5 in an inoperable state even though the process itself may appear to be running. The root cause of the problem is not known. However, the issue only seems to occur when the tomcat5 service has been started, or restarted, from within a Linux shell environment that has been reached with the su command rather than through a direct login.

Workaround: Perform the following:

1. Login to the VQE-S system directly as root. For example, use the following command:

ssh -l root vqes-system

2. Restart the tomcat5 service with the following command:

service tomcat5 restart

CSCsl75266

In VCPT, a validation error is displayed when all fields have correct data.

When a channel is cloned and all data is updated so that it is unique, VCPT displays a validation error.

Workaround: When the error is displayed, position the cursor in the field that is highlighted as red. The validation error will be removed, and the Create button will be accessible.

CSCs177161

The error provided for a VQE-S misconfiguration is missing details about what is invalid in the configuration file.

When a newline is entered at the end of a string for a variable in the vqes.conf file, the invalid configuration error occurs.

Workaround: Remove the newline and ensure that any modifications to string variables in the vqes.conf file for do not have a newline in the string.

CSCsl65623

In a channel lineup where two different channels share the same multicast address (but different ports), one or both of the channels fail to receive data on the VQE-S, or only receive packets intermittently.

Multiple channels with the same multicast address but different RTP ports can be sent to VQE-S and will be accepted. This configuration causes errors within the Multicast Load Balancer, which in turn may cause one or both of the channels to fail to be received on the VQE-S.

Workaround: Change the channel configuration so that each channel uses a unique multicast address.

CSCsj70513

An "Invalid module format" error is thrown on ipmi/imb.ko.

The following errors are shown on the CDE110 system console and saved in first_boot_addon.log file during VQE-S installation first boot phase:

+ /usr/local/ism/driver/imbload start
insmod: error inserting '/usr/local/ism/driver/imb.ko': -1 Invalid module format
/bin/mknod: missing operand after `0'
Try `/bin/mknod --help' for more information.

The error always occurs during the first boot phase of initial VQE-S install. The VQE-S installation patches the Linux kernel during first boot phase, and installs the Intel IPMI driver for the new kernel. The IPMI driver tries to load before the new kernel is loaded and causes the error messages shown on console and in first_boot_addon.log.

Workaround: No work around is required. The system will function correctly since the patched kernel will be used once the installation is complete and system is reloaded.

CSCsj95844

The ifup command produces a core dump of the arping process.

The ifup command used to activate an Ethernet interface executes a system utility named arping to do duplicate address detection on the network. In certain cases, the arping utility may stop unexpectedly while running an interface up or interface down operation. A message indicating that the duplicate address detection check has failed is displayed. However, the interface up operation will continue to run and apply configuration changes as expected. A second message to the console will indicate that arping has segfaulted. A core dump file of the arping process will be found in /var/core.

This failure can occur whenever an interface is started using the /sbin/ifup command and the VQE-S application is running.

Workaround: Retry the interface up operation by first issuing the interface down command /sbin/ifdown ethX. Then issue the interface up command /sbin/ifup ethX again.

Resolved Caveats

These caveats have been resolved in VQE Release 3.1 for VQE Server and VQE Tools:

CSCsr81644

In VCPT, channel update details are not provided in the "Status of Last Send" column.

This issue occurs in the following situations:

When the VQE system (VQE-S and/or VCDS) is Release 2.1 and the VCPT is Release 3.0

When the VQE system (VQE-S and/or VCDS) is Release 3.0 and the VCPT is Release 2.1.

CSCsr78421

Trusted channel-provisioning servers are not restricted to the defined VCPT server configuration on VQE-S initial configuration.

This issue occurs when a VQE Server host uses the default VQE-S Domain Name System (DNS) or host definition configuration. (The default DNS configuration is to have no DNS server defined.)

Known Problems

These known problems exist in Cisco VQE, Release 3.1.

Random "rtc: lost some interrupts at 8192Hz." Messages Displayed on Serial Console

A message or block of messages indicating "rtc" has lost some interrupts can appear sporadically on the serial console, usually after entering a command, but the message is unrelated to any specific command.

No workaround is needed. This does not appear to have any operational impact and is believed to be informational only related to an underlying Linux process.

Deprecated sysctl Message Displayed on Serial Console

On the serial console, the system will occasionally display a message of the form:

process `sysctl' is using deprecated sysctl (syscall) 
net.ipv6.neigh.eth4.retrans_time; Use net.ipv6.neigh.eth4.retrans_time_ms instead.

No workaround is needed. This has no known operational impact and is a Red hat Linux binary message.

Installing VQE Release 3.1 Software

New Cisco CDE110 servers have Linux operating system, VQE-S and VQE Tools, and other needed software pre-installed. Table 4 shows the options for upgrading and installing software that Cisco VQE Release 3.1 supports.

Table 4 Options for Upgrading and Installing VQE Release 3.1 Software

Upgrade or Installation Type
Where to Get Information

To upgrade from VQE Release 2.1 to Release 3.1

"Using an ISO Full Upgrade to Upgrade from VQE Release 2.1 to Release 3.1" section


Note VQE incremental upgrades are not supported for the Release 2.1 to 3.1 upgrade.


To install a complete set of new VQE Release 3.1 software files on a VQE Release 2.1 system (equivalent of a factory install of VQE Release 3.1)

"Using an ISO Clean Installation to Install VQE Release 3.1 on a VQE Release 2.1 System" section

To upgrade from VQE Release 3.0 to Release 3.1

"Upgrading VQE Software from Release 3.0 to Release 3.1" section

To install a complete set of new VQE Release 3.1 software files on a VQE Release 3.0 system (equivalent of a factory install of VQE Release 3.1)

"Using an ISO Clean Installation to Install VQE Release 3.1 on a VQE Release 3.0 System" section


For overview information on the software installation types, see the "VQE Software Installation Types" section.

The VQE Configuration Management System (VQE CMS) plays a significant role in software upgrade installations. If you are not familiar with the VQE CMS, read Chapter 6, "Configuring VQE Server and VQE Tools," in the Cisco CDA Visual Quality Experience Application User Guide.

VQE Software Installation Types

The following sections provide overview information on the VQE software installation types:

"ISO Clean Installation" section

"ISO Full Upgrade" section

"VQE Incremental Upgrade" section

The term "ISO installation" comes from the ISO file system format that is used to burn the CD.

ISO Clean Installation

An ISO clean installation is used to install VQE software on a new CDE110 server. An ISO clean installation can also be used on an existing VQE system to restore the server to a factory default state. An ISO clean installation reformats the hard drive and reinstalls the operating system and other packages, such as the VQE software. All old configurations are removed.

After the ISO clean installation is complete, the system automatically reboots and allows you to log in as root. Next the VQE Startup Configuration Utility automatically runs. This utility allows you to specify initial configuration values for the CDE110 server and the VQE software. Using this input, the VQE Startup Configuration Utility generates initial VQE Configuration Database (VCDB) contents and reboots the CDE110 server. When the server comes back up, the VQE Configuration Engine applies the changes in VCDB to the configuration files under the /etc directory.

When an ISO clean installation is performed at the factory on a new CDE110 server, after the installation is complete, the server reboots and is powered down. When the CDE110 is powered on for the first time at the user site, the VQE Startup Configuration Utility automatically runs.

ISO clean installation software includes Cisco VQE Release 3.1, Redhat Linux, Apache web server, and other required facilities. The ISO installation software is distributed on one CD for VQE-S, and on one CD for VQE Tools. As an alternative, VQE Release 3.1 software can be downloaded from Cisco.com. When you are burning a CD with the ISO software, use ISO format and a CD-R disk.

ISO Full Upgrade

An ISO full upgrade is used to upgrade VQE software on an existing CDE110 server and preserves the existing VQE configurations. An ISO full upgrade reformats the hard drive and reinstalls the operating system and other packages, such as the VQE software. An ISO full upgrade backs up the VQE-S, system, and network configurations, which are in the existing files under /etc. For parameters that will be under the control of the VQE CMS, it restores the parameter values (from the existing /etc configuration files) in the set of newly installed /etc configuration files.

ISO full upgrade software includes Cisco VQE Release 3.1, Redhat Linux, Apache web server, and other required facilities. The ISO installation software is distributed on one CD for VQE-S, and on one CD for VQE Tools. As an alternative, VQE Release 3.1 software can be downloaded from Cisco.com. When you are burning a CD with the ISO software, use ISO format and a CD-R disk.

VQE Incremental Upgrade

A VQE incremental upgrade can be used to upgrade a CDE110 server where the Cisco VQE software—either VQE-S or VQE Tools—has previously been installed. A VQE incremental upgrade requires a CDE110 server with an existing operating system. A VQE incremental upgrade backs up the VQE-S, system, and network configurations, which are in the existing files under /etc. For parameters that will be under the control of the VQE CMS, a VQE incremental upgrade restores the parameter values (from the existing /etc configuration files) in the set of newly installed /etc configuration files.

A VQE incremental upgrade is done with an executable installer—a single executable file that includes all VQE-S packages needed for the upgraded VQE software version. Each VQE incremental upgrade requires that the system already has a previously released complete VQE software package installed, including configuration files. Otherwise, the VQE incremental upgrade installer quits and informs you to use an ISO installation.

A VQE incremental upgrade assures that the existing software version is complete. It does not remove any extra software that is installed on your system and that is not required to run the VQE software. However, use non-Cisco release software may produce unpredictable results and is not recommended.

Downloading VQE Software from Cisco.com

You must be a registered Cisco.com user to download software from Cisco.com. To download a VQE software from Cisco.com, do the following:


Step 1 Browse to the software downloads area for VQE:

http://tools.cisco.com/support/downloads/pub/Redirect.x?mdfid=280836689

Step 2 Click the + sign to expand Cisco Content Delivery Applications.

Step 3 Depending on the type of server where software is being upgraded, click one of the following:

Cisco Visual Quality Experience (VQE) Channel Provisioning Tools (VQE Tools)

Cisco Visual Quality Experience Application (VQE-S)

Step 4 If needed, log in to Cisco.com.

Step 5 Click the software release that you need.

Step 6 Click the ISO installation software or VQE incremental upgrade installer that you need.

Step 7 Click Download.

Step 8 Follow the directions for downloading the ISO installation software or VQE incremental upgrade installer. Download the software to the /tmp directory.

Step 9 If you want release information, download any Release Notes or README file that is relevant to the software.

Step 10 If you downloaded ISO installation software, you must burn the software onto a CD. When burning the CD, use ISO format and a CD-R disk.


Backing Up VQE Release 2.1 Files Before Upgrading or Installing Software

When upgrading from VQE Release 2.1 to Release 3.1 or when installing VQE Release 3.1 software on a VQE 2.1 system, the following tables list the VQE Release 2.1 files that you should backup prior to performing an ISO full upgrade or ISO clean installation.

Table 5 shows the files that must be backed up for the CDE110 that hosts VQE-S.

Table 6 shows the files that must be backed up for the CDE110 that hosts VQE Tools (VCPT and VCDS).

In addition to the files listed in these tables, there may be backup or alternate files in the /etc/opt/vqes directory or another location. These files must be backed up if you want them available on the upgraded CDE110.

If additional functions are enabled on the CDE110, there may be additional files not listed in these tables that need to be backed up.

The easiest way to back up the /etc configuration files is to use the tar command to create a TAR file archive of all directories and files under /etc.


Caution An ISO clean installation or ISO full upgrade will format the hard disk on the CDE110. Formatting causes all data on the hard disk to be erased.

Before upgrading or installing software on a CDE110, be sure to backup all needed files to a safe location (for example, on a server separate from the CDE110s being upgraded).

Before the hard disk is formatted, an ISO full upgrade does a backup of configuration files under the /etc directory. After the hard disk is formatted, an ISO full upgrade restores your VQE 2.1 configurations in the files under /etc—but only configuration items for which a VQE Configuration Database (VCDB) parameter exists are restored. Nevertheless, it is recommended that you manually backup these files to another server before proceeding with an ISO full upgrade in case of a catastrophic failure.

Table 5 VQE-S Server: Files That Must Be Backed Up  

File
Notes

/etc/hosts

--

/etc/ntp.conf

If additional Network Time Protocol configuration has been enabled, files in other locations may need to be backed up.

/etc/resolv.conf

--

/etc/sysconfig/network

--

/etc/sysconfig/network-scripts/ifcfg-eth#

There are four of these files, where # is the number of the Ethernet interface. For example: ifcfg-eth1.

/etc/sysconfig/network-scripts/route-eth#

There are four of these files, where # is the number of the Ethernet interface. For example: route-eth1

/etc/opt/vqes/vqes.conf

VQE-S configuration file.

/etc/opt/vqes

There may be additional backup or alternate files in the vqes directory (or another location).

/etc/opt/vqes/vqe_channels.cfg

VQE-S channel configuration file.

/etc/opt/vqes/vqes_syslog.conf

VQE-S syslog configuration file.

/usr/share/tomcat5/webapps/ems/WEB-INF/vqe.conf

VQE-S AMT configuration file with XML-RPC port numbers for management servers. If your deployment has not changed the default XML-RPC port numbers, the vqe.conf file does not have to be backed up.

/usr/share/tomcat5/webapps/ems/WEB-INF/classes/log4j.properties

VQE-S AMT log4j logging configuration file. If your deployment has not changed the default log4j configuration, the log4j.properties file does not have to be backed up.


Table 6 VQE Tools Server: Files That Must Be Backed Up  

File
Notes

/etc/hosts

--

/etc/ntp.conf

If additional Network Time Protocol configuration has been enabled, files in other locations may need to be backed up.

/etc/resolv.conf

--

/etc/sysconfig/network

--

/etc/sysconfig/network-scripts/ifcfg-eth#

There are four of these files, where # is the number of the Ethernet interface. For example: ifcfg-eth1.

/etc/sysconfig/network-scripts/route-eth#

There are four of these files, where # is the number of the Ethernet interface. For example: route-eth1.

VCPT configuration files in /etc/opt/vcpt/data

VCPT configuration files are in this directory. Filenames are user-defined and vary.

/etc/opt/vqes

There may be additional backup or alternate files in the vqes directory (or another location).

/etc/opt/vqes/VCDServer.cfg

VCDS configuration file.

/etc/opt/vqes/vqec_channels.cfg

VQE-C channel configuration file.

/usr/share/tomcat5/webapps/vcpt/WEB-INF/classes/log4j.properties

VCPT log4j logging configuration file. If your deployment has not changed the default log4j configuration, the log4j.properties file does not have to be backed up.


Using an ISO Full Upgrade to Upgrade from VQE Release 2.1 to Release 3.1

To upgrade from VQE Release 2.1 to Release 3.1 requires that you perform an ISO full upgrade of the VQE Release 3.1 software on the Cisco CDE110 that hosts VQE-S and on the (optional) CDE110 that hosts the VQE Tools (VCPT and VCDS).

An ISO full upgrade does backup and restore your VQE 2.1 configurations in files under /etc if the parameter will be under the control of the VQE Configuration Management System (CMS) in Release 3.1. Use an ISO full upgrade if your deployment does require that these VQE 2.1 configurations be preserved.


Note ISO full upgrades must be performed using the CDE110 serial port (not the CDE110 video and keyboard ports). For these installations, the serial port connection can be through a terminal server or through a directly connected PC.

For terminal emulation software configuration, see "Configuring Terminal Emulation Software" in Chapter 2 of the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1.



Note When using an ISO full upgrade, there is a known problem related to route configurations. See "Routes May Not Be Carried Forward from VQE Release 2.1 to Release 3.1" section.


To perform an ISO full upgrade to upgrade from VQE 2.1 to 3.1, do the following:


Step 1 Read and follow the directions in the "Backing Up VQE Release 2.1 Files Before Upgrading or Installing Software" section.


Caution An ISO full upgrade will format the hard disk on the CDE110. Formatting causes all data on the hard disk to be erased.

Be sure to backup configuration files as described in the "Backing Up VQE Release 2.1 Files Before Upgrading or Installing Software" section.

Step 2 Insert the ISO software installation CD in the CDE110 CD/DVD Combo drive.

Step 3 Power on or power cycle the CDE110.

Changing the Boot Sequence to Start from the CD/DVD Combo Drive


Note Changing the boot sequence to start with the CD/DVD drive is a one-time operation for changing the boot sequence.


Step 4 When the system boots and displays "Press <F2> to enter SETUP," press F2 to enter the BIOS Setup.

Step 5 When the BIOS Setup utility is displayed, use the arrow keys to move to the Boot Options menu (Figure 1).

Figure 1 Boot Options Menu

Step 6 So that the CD/DVD Combo drive is first in the boot order, you need to change the boot sequence to the following:

1. IDE PM: SlimType COMBO SSC-2485

2. #0440 ID01 LUN0 FUJITSU MAY203

3. IBA GE Slot 0600

4. [EFI SHELL]


Note Because the components used in the CDE110 can vary, the name of the CD/DVD Combo drive may be different from what is shown in the preceding list.


To change the boot sequence, use the arrow keys to move to the boot option you will change (for example, Boot Option #1) and press Enter. Then use the arrow keys to move to the required boot device and press Enter.

The updated Boot Option is displayed.

Step 7 To save and exit the BIOS Setup, press F10. (As an alternative to pressing F10, use the arrow keys to move to Exit in the BIOS Setup menu and select Save Changes and Exit.)

The Setup Confirmation message "Save Configuration Changes and exit now?" is displayed.

Step 8 Select Yes and press Enter.

The CDE110 restarts.

Loading the VQE Software

When the VQE installation software runs, the boot: prompt is displayed.

Step 9 Type upgrade and then press Enter. For example:

boot: upgrade 


Note If you enter invalid input at the boot: prompt, the installer displays "Could not find kernel image" and your input.

This message is harmless. Enter correct input (upgrade) and proceed with the installation.


The installation software checks that VQE software and configuration files exist. If either of these checks fail, the installation is terminated.

If the VQE software and configuration files exist, the following message is displayed before the actual upgrade process starts.

You are performing VQE upgrade on hostname. It currently has Cisco VQE Server_or_Tools 
Release xxx installed. If this is incorrect, please power off the server within 60 
seconds.

You can power off the server to stop the ISO full upgrade if the wrong CD has been used for the installation.

When you select an ISO full upgrade and the installation begins, no further user input is required or possible.

An ISO full upgrade does the following:

Backs up the /etc configuration files to the vqe-release-hostname-timestamp.tar.gz file by creating a tar file archive of the following files: all files under /etc, vqes.conf, the password file, Session Description Protocol (SDP) file, and so forth. Saves the tar file archive in a temporary set of files.

Formats the hard drive.

Installs the Linux operating system and add-on RPMs of VQE packages and configuration files.

Restores (from the tar file archive) the following /etc configuration files that were present on your VQE Release 2.1 host:

On a VQE-S host, the channel configuration file (/etc/opt/vqes/vqe_channels.cfg)

On a VQE Tools host, the channel configuration file (/etc/opt/vqes/vqec_channels.cfg) and all VCPT configuration files in /etc/opt/vcpt/data

On both VQE-S and VQE Tools hosts, all files in the /etc/opt/certs directory (files related to Secure Sockets Layer certificates)


Note Except for the preceding files, all other /etc configuration files from a Release 2.1 VQE host are not copied to the directories under /etc.


Saves the other files shown in Table 7 to the CDE110 hard drive.

Table 7 ISO Full Upgrade VQE Release 2.1 to 3.1: Other Saved Files  

File in the Tar File Archive
Directory Location Where Saved

backed up /etc files

/vqe-etc/etc-save/

vqe-release-hostname-timestamp.tar.gz (tar file)

/vqe-etc/


Examines configuration files under /etc that in Release 3.1 will be configurable by the VQE CMS and VCDB parameters, and generates VCDB contents for these files.

If a VCDB parameter exists for a configuration option that was in the Release 2.1 /etc files, that configuration item will be preserved in the Release 3.1 /etc files.

If a VCDB parameter does not exist for a configuration option that was in the Release 2.1 /etc files, that configuration item will not be preserved in the Release 3.1 /etc files.

Performs installation post processing

Installs a new vcdb.conf.sample file in the /etc/opt/vqes/ directory.

Saves the factory default configuration files under /etc to the directory /vqe-etc/etc-pristine.

Performs a final reboot. As part of the final reboot, runs the VQE Configuration Engine to apply the VCDB values (which the installation software generated earlier) to the VQE 3.1 configuration files under /etc.

Step 10 When the final reboot is finished, you must login as root and reset the password for root, and reset the password for the vqe user name. If there were other user accounts, they are not carried forward to VQE Release 3.1. It is possible for you to manually recreate the other user accounts. However, making manual changes in this manner is not supported or recommended.

Step 11 When the final reboot is finished, check the /var/log/vqe/vqe.log file to ensure that no significant errors occurred during the ISO full upgrade.

Step 12 Remove the ISO CD from the CDE110 CD/DVD Combo drive and close the CD/DVD tray.


Note Leave the BIOS settings set so that the CDE110 boots first from the CD/DVD Combo drive.


Step 13 If you have made changes to Release 2.1 /etc configuration parameters that are not now under the control of the VQE CMS, the ISO full upgrade does not preserve the changes in Release 3.1. It is possible for you to manually recreate the customized configurations in the Release 3.1 /etc configuration files. However, making manual changes in this manner is not supported or recommended.

You can examine the /vqe-etc/etc-diff file to determine the /etc file parameters (beyond the control of the VQE CMS) that have been changed.

For information on migrating channel-related files from VQE Release 2.1 to VQE Release 3.1, see the "Migrating Channel-related Files from VQE Release 2.1 to VQE Release 3.1" section.


Using an ISO Clean Installation to Install VQE Release 3.1 on a VQE Release 2.1 System

To install a complete new set of VQE Release 3.1 software on a VQE Release 2.1 system, perform an ISO clean installation of the VQE Release 3.1 software on the Cisco CDE110 that hosts VQE-S and on the (optional) CDE110 that hosts the VQE Tools (VCPT and VCDS).

An ISO clean installation does not backup or restore your current VQE 2.1 configurations. Use an ISO clean installation only if your deployment does not require that the VQE 2.1 configurations be preserved.


Caution If you use an ISO clean installation for installing VQE Release 3.1, your VQE Release 2.1 configurations will not be backed up or restored. Use an ISO clean installation only when there is no requirement to preserve VQE Release 2.1 configuration values.

To preserve your VQE Release 2.1 configuration values, use an ISO full upgrade. See the "Using an ISO Full Upgrade to Upgrade from VQE Release 2.1 to Release 3.1" section.

This section explains how to perform an ISO clean installation to install VQE Release 3.1 on a VQE Release 2.1 system. An ISO clean installation reformats the hard drive and reinstalls the operating system and other packages, such as the VQE software. All old configurations are removed.


Note ISO clean installations must be performed using the CDE110 serial port (not the CDE110 video and keyboard ports). For these installations, the serial port connection can be through a terminal server or through a directly connected PC.

For terminal emulation software configuration, see "Configuring Terminal Emulation Software" in Chapter 2 of the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1.


To perform an ISO clean installation to install VQE Release 3.1 on a VQE 2.1 system, do the following:


Caution An ISO clean installation will format the hard disk on the CDE110. Formatting causes all data on the hard disk to be erased.

Be sure to backup configuration files as described in the "Backing Up VQE Release 2.1 Files Before Upgrading or Installing Software" section. With this backup of the configuration files, you will have the VQE 2.1 configuration files available for reference if you need them after the ISO clean installation is complete.


Step 1 Insert the ISO software installation CD in the CDE110 CD/DVD Combo drive.

Step 2 Power on or power cycle the CDE110.

Changing the Boot Sequence to Start from the CD/DVD Combo Drive


Note Changing the boot sequence to start with the CD/DVD drive is a one-time operation for changing the boot sequence.


Step 3 When the system boots and displays "Press <F2> to enter SETUP," press F2 to go into enter the BIOS Setup.

Step 4 When the BIOS Setup utility is displayed, use the arrow keys to move to the Boot Options menu (Figure 1).

Figure 2 Boot Options Menu

Step 5 So that the CD/DVD Combo drive is first in the boot order, you need to change the boot sequence to the following:

1. IDE PM: SlimType COMBO SSC-2485

2. #0440 ID01 LUN0 FUJITSU MAY203

3. IBA GE Slot 0600

4. [EFI SHELL]


Note Because the components used in the CDE110 can vary, the name of the CD/DVD Combo drive may be different from what is shown in the preceding list.


To change the boot sequence, use the arrow keys to move to the boot option you will change (for example, Boot Option #1) and press Enter. Then use the arrow keys to move to the required boot device and press Enter.

The updated Boot Option is displayed.

Step 6 To save and exit the BIOS Setup, press F10. (As an alternative to pressing F10, use the arrow keys to move to Exit in the BIOS Setup menu and select Save Changes and Exit.)

The Setup Confirmation message "Save Configuration Changes and exit now?" is displayed.

Step 7 Select Yes and press Enter.

The CDE110 restarts.

Loading the VQE Software

When the VQE installation software runs, the boot: prompt is displayed.

Step 8 Type clean and then press Enter. For example:

boot: clean 


Note If you enter invalid input at the boot: prompt, the installer displays "Could not find kernel image" and your input.

This message is harmless. Enter correct input (clean) and proceed with the installation.


When you select an ISO clean installation and the installation begins, no further user input is required or allowed until the initial configuration of the CDE110 server.

An ISO clean installation does the following:

1. Formats the hard disk.

2. Installs the Linux operating system and all packages.

3. Reboots.

4. Installs the add-on RPM of VQE packages and configuration files.

5. Performs installation post processing.

a. Installs a new vcdb.conf.sample file in the /etc/opt/vqes/ directory.

b. Saves the factory default configuration files under /etc to the directory /vqe-etc/etc-pristine.

6. Reboots the server.

Step 9 Remove the ISO software installation CD from the CDE110 CD/DVD Combo drive and close the CD/DVD tray.


Note Leave the BIOS settings set so that the CDE110 boots first from the CD/DVD Combo drive.


Step 10 When the CDE110 completes the final reboot, you are required to log in as root and change the password for root:

localhost.localdomain login: root
You are required to change your password immediately (root enforced)

You can now choose the new password or passphrase.

A valid password should be a mix of upper and lower case letters,
digits, and other characters.  You can use an 8 character long
password with characters from at least 3 of these 4 classes, or
a 7 character long password containing characters from all the
classes.  An upper case letter that begins the password and a
digit that ends it do not count towards the number of character
classes used.

A passphrase should be of at least 3 words, 12 to 40 characters
long and contain enough different characters.


Enter new password: 
Re-type new password: 

Step 11 Enter the new password for root.

When you change the root password, the VQE Startup Configuration Utility runs:

Welcome to the Cisco VQE startup configuration utility.  This utility is
intended to facilitate the initial setup of the VQE system.  This is not
intended as a complete configuration tool, but merely to assist in the most
common configuration needs, therefore you may still need to customize the VQE
configuration for your specific needs after this utility is complete.

The VQE Startup Configuration Utility allows you to specify initial configuration values for the CDE110 server and the VQE software. Using this input, the startup utility generates initial VQE Configuration Database (VCDB) contents and reboots the CDE110 server. When the server comes back up, VQE Configuration Engine applies the changes in VCDB to the configuration files under the /etc directory.

For information on using the startup utility, see Chapter 2, "Getting Started with the VQE Startup Configuration Utility" in the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1.

For information on the VQE Configuration Database and Configuration Engine, see Chapter 6, "Configuring VQE Server and VQE Tools" in the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1.

For information on migrating channel-related files from VQE Release 2.1 to VQE Release 3.1, see the "Migrating Channel-related Files from VQE Release 2.1 to VQE Release 3.1" section.

Terminal Client Software Behavior. When using the Cisco VQE Startup Configuration Utility with a CDE110 serial port connection and terminal client software, different terminal client facilities have varying behavior for the Backspace and Delete Keys:

With console/konsole on Linux, or putty on Windows, pressing Backspace usually works correctly.

With HyperTerminal on Windows, pressing Ctrl-Backspace usually works correctly.

With HyperTerminal on Windows, pressing Backspace (without Ctrl) produces errors.

With UNIX xterm shell, pressing Backspace produces errors. With the UNIX xterm shell, the Delete key (not Backspace) should be used to remove characters.

Other terminal client facilities may produce different behaviors for the Backspace and Delete keys.


Upgrading VQE Software from Release 3.0 to Release 3.1

To upgrade from VQE Release 3.0 to Release 3.1 requires that you perform one of the following types of software installation on the Cisco CDE110 that hosts VQE-S and on the (optional) CDE110 that hosts the VQE Tools (VCPT and VCDS).

A VQE incremental upgrade installs a limited set of files—only those files that are needed to upgrade to the VQE 3.1 software. This is the recommended upgrade path because it is relatively fast (approximately a minute) and simple to perform. A VQE incremental upgrade preserves your VQE 3.0 configurations in VCDB and in the configuration files under /etc. If a configuration parameter is not configured by the VQE 3.0 configurations in VCDB, it will not be preserved.

An ISO full upgrade installs a complete new set of VQE, Linux, Quagga, and other files. An ISO full upgrade does backup and restore your VQE 3.0 configurations in files under /etc if the parameter will be under the control of the VQE CMS in Release 3.1. Use an ISO full upgrade if your situation does require that you install a complete new set of files and that the VQE 3.0 configurations be preserved.


Note If you want to preserve your current VQE 3.0 configurations for VQE Release 3.1, you must use a VQE incremental upgrade or an ISO full upgrade.


When using a VQE incremental upgrade to upgrade VQE Release 3.0 to Release 3.1, read each of the following sections, in the order shown:

1. "Backing Up VQE Release 3.0 Files Before Upgrading or Installing Software" section

2. "Using a VQE Incremental Upgrade to Upgrade from VQE Release 3.0 to Release 3.1" section.

When using an ISO full upgrade to upgrade from VQE Release 3.0 to Release 3.1, read each of the following sections, in the order shown:

1. "Backing Up VQE Release 3.0 Files Before Upgrading or Installing Software" section

2. "Using an ISO Full Upgrade to Upgrade from VQE Release 3.0 to Release 3.1" section

Backing Up VQE Release 3.0 Files Before Upgrading or Installing Software


Caution An ISO clean installation or ISO full upgrade will format the hard disk on the CDE110. Formatting causes all data on the hard disk to be erased.

Before upgrading or installing software on a CDE110, be sure to backup all needed files to a safe location (for example, on a server separate from the CDE110s being upgraded).

Before the hard disk is formatted, an ISO full upgrade does a backup of configuration files under the /etc directory. After the hard disk is formatted, an ISO full upgrade restores your VQE 3.0 configurations in the files under /etc—but only configuration items for which a VQE Configuration Database (VCDB) parameter exists are restored. It is recommended that you manually backup these files to another server before proceeding with an ISO full upgrade in case of a catastrophic failure.

When upgrading from VQE Release 3.0 to Release 3.1, the following tables list the VQE Release 3.0 files that you should backup prior to performing an ISO clean installation or ISO full upgrade.

Table 8 shows the files that must be backed up for the CDE110 that hosts VQE-S.

Table 9 shows the files that must be backed up for the CDE110 that hosts VQE Tools (VCPT and VCDS).

The easiest way to back up the /etc configuration files is to use the tar command to create a TAR file archive of all directories and files under /etc.


Note In addition to the files listed in these tables, there may be backup or alternate files in the /etc/opt/vqes directory or another location. These files must be backed up if you want them available on the upgraded CDE110.

If additional functions are enabled on the CDE110, there may be additional files not listed in these tables that need to be backed up.


Table 8 VQE-S Server: Files That Must Be Backed Up  

File
Notes

all directories and files under /etc

These are the files needed to configure the CDE110 system except for the VQE-S AMT web application.

/usr/share/tomcat5/webapps/ems/WEB-INF/vqe.conf

VQE-S AMT configuration file with XML-RPC port numbers for management servers. If your deployment has not changed the default XML-RPC port numbers, the vqe.conf file does not have to be backed up.

/usr/share/tomcat5/webapps/ems/WEB-INF/classes/log4j.properties

VQE-S AMT log4j logging configuration file. If your deployment has not changed the default log4j configuration, the log4j.properties file does not have to be backed up.


Table 9 VQE Tools Server: Files That Must Be Backed Up  

File
Notes

all directories and files under /etc

These are the files needed to configure the CDE110 system except for the VCPT web application.

/usr/share/tomcat5/webapps/vcpt/WEB-INF/classes/log4j.properties

VCPT log4j logging configuration file. If your deployment has not changed the default log4j configuration, the log4j.properties file does not have to be backed up.


Using a VQE Incremental Upgrade to Upgrade from VQE Release 3.0 to Release 3.1

This section explains how to use a VQE incremental upgrade to upgrade from VQE Release 3.0 to Release 3.1. A VQE incremental upgrade preserves your VQE 3.0 configurations in VCDB and in the configuration files under /etc. If a configuration parameter is not configured by the VQE 3.0 configurations in VCDB, it will not be preserved.

Before running a VQE incremental upgrade installer, perform the following tasks:

1. Downloading VQE Software from Cisco.com

2. Backing Up VQE Release 3.0 Files Before Upgrading or Installing Software

To run the VQE incremental upgrade installer to upgrade VQE Release 3.0 to Release 3.1, do the following:


Caution To be safe in case of a catastrophic failure, be sure to backup configuration files as described "Backing Up VQE Release 3.0 Files Before Upgrading or Installing Software" section.


Step 1 If needed, log in as root on the CDE110 server where the VQE incremental upgrade installer was downloaded.

When you run a VQE incremental upgrade installer, you must have root privileges.

Step 2 Run the VQE incremental upgrade installer. For example:

[root@system]# /tmp/vqes-3.1.x-xx.bin 

The VQE incremental upgrade installer determines the current VQE software version, performs a sanity check on the existing VQE software, checks for the existence of needed configuration files, and does one of the following:

If the preceding checks determine that there is a problem, the VQE incremental upgrade installer informs you that an ISO installation is required and exits.

If the preceding checks determine that all is well, the VQE incremental upgrade installer displays:

You are currently running VQE version 3.0.x.
Do you want to install version 3.1.x (build xx) now? y/[n]:

Step 3 To install the software, enter y and press Enter.

The VQE incremental upgrade does the following:

Upgrades/installs/uninstalls RPMs (as needed) and installs associated default configuration files.

Performs installation post processing as follows:

Installs a new vcdb.conf.sample in the directory /etc/opt/vqes/.

Saves a set of factory default /etc configuration files associated with the RPM installation in the directory /vqe-etc/etc-pristine/.

Runs the VQE Configuration Engine to apply VCDB values to the configuration files under /etc.

After the upgrade process completes, you can examine the /var/log/upgrade.log file to look for warning and error messages, and to find out if there were any configuration files (from your previous installation) whose contents were not completely applied to the new release.

The set of /etc configuration files from your previous installation are archived in a tar file in /vqe-etc/ prior to the upgrade. You can manually apply the values from these old configuration files if these configurations must be restored.


Using an ISO Full Upgrade to Upgrade from VQE Release 3.0 to Release 3.1

This section explains how to use an ISO full upgrade to upgrade from VQE Release 3.0 to Release 3.1 and preserve your VQE Release 3.0 configurations.

Before performing an ISO full upgrade, perform the following tasks:

1. If you do not have an ISO software installation CD with VQE Release 3.1 software, see Downloading VQE Software from Cisco.com

2. Backing Up VQE Release 3.0 Files Before Upgrading or Installing Software


Note ISO full upgrades must be performed using the CDE110 serial port (not the CDE110 video and keyboard ports). For these installations, the serial port connection can be through a terminal server or through a directly connected PC.

For terminal emulation software configuration, see "Configuring Terminal Emulation Software" in Chapter 2 of the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1.


To perform an ISO full upgrade to upgrade from VQE Release 3.0 to 3.1, do the following:


Caution An ISO full upgrade will format the hard disk on the CDE110. Formatting causes all data on the hard disk to be erased.

Be sure to backup configuration files as described in the "Backing Up VQE Release 3.0 Files Before Upgrading or Installing Software" section.


Step 1 Insert the ISO software installation CD in the CDE110 CD/DVD Combo drive.

Step 2 Power on or power cycle the CDE110.

When the VQE installation software runs, the boot: prompt is displayed.

Step 3 Type upgrade and then press Enter. For example:

boot: upgrade 


Note If you enter invalid input at the boot: prompt, the installer displays "Could not find kernel image" and your input.

This message is harmless. Enter correct input (upgrade) and proceed with the installation.


The installation software checks that VQE software and configuration files exist. If either of these checks fail, the installation is terminated.

If the VQE software and configuration files exist, the following message is displayed before the actual upgrade process starts.

You are performing VQE upgrade on hostname. It currently has Cisco VQE Server_or_Tools 
Release xxxx installed. If this is incorrect, please power off the server within 60 
seconds.

You can power off the server to stop the ISO full upgrade if the wrong CD has been used for the installation.

When you select an ISO full upgrade and the installation begins, no further user input is required or possible.

An ISO full upgrade does the following:

Checks whether the /etc configuration files have been changed manually (without the use of the VCDB). If manual changes are detected, the ISO full upgrade installer does the following:

Logs the names of files that have been manually changed. The log file is /var/log/upgrade.log.

Writes diff command output showing the manually changed items into the /vqe-etc/etc-diff file.


Note If there are manually edited files in the existing /etc directories, the changes were made by an administrator without the use of VCDB. If you want to continue to have these differences present in your configuration files, you need to carefully edit the relevant configuration files so that they include the items that are different.


Backs up the /etc configuration files to the vqe-release-hostname-timestamp.tar.gz file by creating a tar file archive of the following files: /vqe-etc/etc-diff, /var/log/upgrade.log and all files under /etc. Saves the tar file archive in a temporary set of files.

Formats the hard drive.

Installs the Linux operating system and add-on RPMs of VQE packages and configuration files.

Restores (from the tar file archive) the following /etc configuration files that were present on your VQE Release 3.0 host:

On a VQE-S host, the VCDB configuration file (/etc/opt/vqes/vcdb.conf)

On a VQE-S host, the channel configuration file (/etc/opt/vqes/vqe_channels.cfg)

On a VQE Tools host, the channel configuration file (/etc/opt/vqes/vqec_channels.cfg) and all VCPT configuration files in /etc/opt/vcpt/data

On both VQE-S and VQE Tools hosts, all files in the /etc/opt/certs directory (files related to Secure Sockets Layer certificates)


Note Except for the preceding files, all other /etc configuration files from a Release 3.0 VQE host are not copied to the directories under /etc.


Saves the other files shown in Table 10 to the CDE110 hard drive.

Table 10 ISO Full Upgrade VQE Release 3.0 to 3.1: Other Saved Files  

File in the Tar File Archive
Directory Location Where Saved

backed up /etc configuration files including vcdb.conf

/vqe-etc/etc-save/

upgrade.log file

/var/log/upgrade.log

diff command output (generated earlier) in the etc-diff file

/vqe-etc/etc-diff file

vqe-release-hostname-timestamp.tar.gz (tar file)

/vqe-etc/


Performs installation post processing

Installs a new vcdb.conf.sample file in the /etc/opt/vqes/ directory.

Saves the factory default configuration files under /etc to the directory /vqe-etc/etc-pristine.

Performs a final reboot. As part of the final reboot, runs the VQE Configuration Engine to apply the VCDB values (VQE-S 3.0 vcdb.conf that was restored earlier) to the VQE 3.1 configuration files under /etc (including vcdb.conf).

Step 4 When the CDE110 completes the final reboot, you are required to log in as root and change the password for root:

localhost.localdomain login: root
You are required to change your password immediately (root enforced)

You can now choose the new password or passphrase.

A valid password should be a mix of upper and lower case letters,
digits, and other characters.  You can use an 8 character long
password with characters from at least 3 of these 4 classes, or
a 7 character long password containing characters from all the
classes.  An upper case letter that begins the password and a
digit that ends it do not count towards the number of character
classes used.

A passphrase should be of at least 3 words, 12 to 40 characters
long and contain enough different characters.


Enter new password: 
Re-type new password: 

Step 5 Enter the new password for root.

Step 6 Set the password for the vqe user ID.


Note No passwords are copied over to the new set of installed files.


Step 7 Check the /var/log/vqe/vqe.log file to ensure that no significant errors occurred during the ISO full upgrade.

Step 8 Remove the ISO software installation CD from the CDE110 CD/DVD Combo drive and close the drive tray.

Step 9 If you made changes to VQE Release 3.0 /etc configuration parameters that are not now under the control of the VQE CMS, the ISO full upgrade does not preserve these changes in Release 3.1. It is possible for you to manually recreate the customized configurations in the Release 3.1 /etc configuration files. However, making manual changes in this manner is not supported or recommended.

You can examine the /vqe-etc/etc-diff file to determine the /etc file parameters (beyond the control of the VQE CMS) that have been changed.

VCPT configuration files and VQE-S and VQE-C channel configuration files from VQE Release 3.0 can be used without modification with VQE Release 3.1.


Using an ISO Clean Installation to Install VQE Release 3.1 on a VQE Release 3.0 System

This section explains how to use an ISO clean installation to install VQE Release 3.1 on a VQE Release 3.0 system.


Caution If you use an ISO clean installation for installing VQE Release 3.1, your previous VQE configurations will not be backed up or restored. Use an ISO clean installation only when there is no requirement to preserve previous VQE configuration values.

An ISO clean installation installs a complete new set of VQE, Linux, Quagga, and other files. An ISO clean installation does not backup or restore your current VQE 3.0 configurations. An ISO clean installation reformats the hard drive and reinstalls the operating system and other packages, such as the VQE software. All old configurations are removed.

Before performing an ISO clean installation, perform the following tasks:

1. If you do not have an ISO software installation CD with VQE Release 3.1 software, see Downloading VQE Software from Cisco.com.

2. Backing Up VQE Release 3.0 Files Before Upgrading or Installing Software


Note ISO clean installations must be performed using the CDE110 serial port (not the CDE110 video and keyboard ports). For these installations, the serial port connection can be through a terminal server or through a directly connected PC.

For terminal emulation software configuration, see "Configuring Terminal Emulation Software" in Chapter 2 of the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1.


To perform an ISO clean installation to install VQE Release 3.1 on a VQE Release 3.0 system, do the following:


Caution An ISO clean installation will format the hard disk on the CDE110. Formatting causes all data on the hard disk to be erased.

Be sure to backup configuration files as described "Backing Up VQE Release 3.0 Files Before Upgrading or Installing Software" section. With this backup of the configuration files, you will have the VQE 3.0 configuration files available for reference if you need them after the ISO clean installation is complete.


Step 1 Insert the ISO software installation CD in the CDE110 CD/DVD Combo drive.

Step 2 Power on or power cycle the CDE110.

When the VQE installation software runs, the boot: prompt is displayed.

Step 3 Type clean and then press Enter. For example:

boot: clean 


Note If you enter invalid input at the boot: prompt, the installer displays "Could not find kernel image" and your input.

This message is harmless. Enter correct input (clean) and proceed with the installation.


When you select an ISO clean installation and the installation begins, no further user input is required or allowed until the initial configuration of the CDE110 server.

An ISO clean installation does the following:

1. Formats the hard disk.

2. Installs the Linux operating system and all packages.

3. Reboots.

4. Installs the add-on RPM of VQE packages and configuration files.

5. Performs installation post processing.

a. Installs a new vcdb.conf.sample file in the /etc/opt/vqes/ directory.

b. Saves the factory default configuration files under /etc to the directory /vqe-etc/etc-pristine.

6. Reboots the server.

Step 4 Remove the ISO CD from the CDE110 CD/DVD Combo drive and close the drive tray.

Step 5 When the CDE110 completes the final reboot, you are required to log in as root and change the password for root:

localhost.localdomain login: root
You are required to change your password immediately (root enforced)

You can now choose the new password or passphrase.

A valid password should be a mix of upper and lower case letters,
digits, and other characters.  You can use an 8 character long
password with characters from at least 3 of these 4 classes, or
a 7 character long password containing characters from all the
classes.  An upper case letter that begins the password and a
digit that ends it do not count towards the number of character
classes used.

A passphrase should be of at least 3 words, 12 to 40 characters
long and contain enough different characters.


Enter new password: 
Re-type new password: 

Step 6 Enter the new password for root.

When you change the root password, the VQE Startup Configuration Utility runs:

Welcome to the Cisco VQE startup configuration utility.  This utility is
intended to facilitate the initial setup of the VQE system.  This is not
intended as a complete configuration tool, but merely to assist in the most
common configuration needs, therefore you may still need to customize the VQE
configuration for your specific needs after this utility is complete.

The VQE Startup Configuration Utility allows you to specify initial configuration values for the CDE110 server and the VQE software. Using this input, the startup utility generates initial VQE Configuration Database (VCDB) contents and reboots the CDE110 server. When the server comes back up, VQE Configuration Engine applies the changes in VCDB to the configuration files under the /etc directory.

For information on using the startup utility, see Chapter 2, "Getting Started with the VQE Startup Configuration Utility" in the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1.

For information on the VQE Configuration Database and Configuration Engine, see Chapter 6, "Configuring VQE Server and VQE Tools" in the Cisco CDA Visual Quality Experience Application User Guide, Release 3.1.

Terminal Client Software Behavior. When using the Cisco VQE Startup Configuration Utility with a CDE110 serial port connection and terminal client software, different terminal client facilities have varying behavior for the Backspace and Delete Keys:

With console/konsole on Linux, or putty on Windows, pressing Backspace usually works correctly.

With HyperTerminal on Windows, pressing Ctrl-Backspace usually works correctly.

With HyperTerminal on Windows, pressing Backspace (without Ctrl) produces errors.

With UNIX xterm shell, pressing Backspace produces errors. With the UNIX xterm shell, the Delete key (not Backspace) should be used to remove characters.

Other terminal client facilities may produce different behaviors for the Backspace and Delete keys.


Migrating Channel-related Files from VQE Release 2.1 to VQE Release 3.1

VQE can use three types of channel-related configuration files:

One or more VCPT configuration files in /etc/opt/vcpt/data on the CDE110 that hosts VCPT. These are XML files with user-defined filenames.

One VQE-S channel configuration file in /etc/opt/vqes/vqe_channels.cfg on the CDE110 that hosts VQE-S.

One VQE-C channel configuration file in /etc/opt/vqes/vqec_channels.cfg on the CDE110 that hosts VCPT.

The following sections provide information on migrating channel-related files from VQE Release 2.1 to VQE Release 3.1:

"Creating VCPT Configuration Files for Release 3.1"

"Creating VQE-S and VQE-C Channel Configuration Files for Release 3.1"

VCPT configuration files and VQE-S and VQE-C channel configuration files from VQE Release 3.0 can be used without modification with VQE Release 3.1.

VQE-S and VQE-C channel configuration files have some compatibility restrictions. For information on these restrictions, see the "VQE SDP Channel Information Compatibility" section.

Creating VCPT Configuration Files for Release 3.1

VCPT Release 3.1 is able to open and use valid VCPT 2.1 configuration files. When VCPT Release 3.1 opens a VCPT 2.1 configuration file, the fields for Release 3.1 functionality items related to Rapid Channel Change and Extended RTCP Reports are blank. When you save the Release 2.1 file, VCPT converts the files to the Release 3.1 format, updating the file so that any changed channel values (including those related to Rapid Channel Change and Extended RTCP Reports) are saved.

Creating VQE-S and VQE-C Channel Configuration Files for Release 3.1

Release 2.1 channel configuration files created with VCPT are usable with the Release 3.1 version of VQE-S and VQE-C. When a Release 2.1 channel configuration file is used, new VQE Release 3.1 functionality will not be used because it is not configured.

When migrating from VQE Release 2.1 to VQE Release 3.1, the easiest way to create a valid Release 3.1 channel configuration file for VQE-S and VQE-C is to open a Release 3.1 channel-provisioning server configuration file and send the channel information to the Release 3.1 VQE Servers and VQE Client Channel Configuration Delivery Servers (VCDS). For example with VCPT, do the following:

1. Create a VCPT Release 3.1 configuration file for the channel lineup. (See the previous section "Creating VCPT Configuration Files for Release 3.1").

2. With that VCPT Release 3.1 configuration file open in VCPT, use VCPT to send the channel information to the VQE-S servers and VCDS servers.

When VQE-S and VCDS receive the channel information, VQE-S and VCDS use it to create valid Release 3.1 channel configuration files for VQE-S or VQE-C, respectively.

As an alternative to the above method for creating a Release 3.1 channel configuration file, you can use VCPT to create a new VCPT Release 3.1 configuration file by manually entering your existing VQE Release 2.1 channel, server, and association information into the new VCPT configuration file.

Supporting Software Hardening Guides and VQE

Customers who wish to apply the security recommendations published by SysAdmin, Audit, Network, Security Institute (SANS) or National Security Agency (NSA), as described in the documents referenced in the following sections, should be aware of some issues in using these recommendations that may affect the correct operation of the VQE-S.

The following sections describe the particular areas where customers should exercise care in following the security recommendations in these hardening guides:

Linux Security Checklist

The 60 Minute Network Security Guide

Linux Security Checklist

Document: Linux Security Checklist, Version 2

Document URL:

http://www.sans.org/score/checklists/linuxchecklist.pdf

For the Linux operating system, the following are SANS requirements where it appears that if the user were to follow the specific recommendations of the guide it would likely break behavior that VQE implements.

Page 2, item 2: "System Patches". Customers should obtain all system patches through Cisco support, and not directly from RedHat. Cisco will provide timely patches and notifications to customers to address security concerns that may arise within the components of the linux distribution.

Page 3, item 3: "Disabling Unnecessary Services". All unnecessary services have been disabled on the shipped product. VQE customers should not normally need to disable any of the services that are enabled by default after the product is installed.

Page 3, item 5: "Default Password Policy". The default password settings for the VQE-S are set in /etc/pam.d/system-auth-ac rather than in /etc/login.defs See 'man pam_passwdqc' for more information.

Page 7, item 13: "System Logging". The VQE-S includes a modified version of syslogd, which is customized in order to support certain VQE-S functions. VQE customers must therefore not replace syslog with syslog-ng, as suggested in this item.

Page 11, item 20: "Selinux". Selinux functionality is disabled on the VQE-S in its factory configuration, and it should not be enabled. Enabling the Selinux functions on the VQE-S may have unexpected consequences.

The 60 Minute Network Security Guide

The NSA's The 60 Minute Network Security Guide has guidance relevant to the Apache web server and the VQE Server software.

Document: The 60 Minute Network Security Guide, Version 2.1

Document URL:http://www.nsa.gov/ia/_files/support/I33-011R-2006.pdf

If VQE customers follow instructions in the "Unix Web Servers" section of The 60 Minute Network Security Guide, it will not break the VQE web application system.

The following guidance applies to VQE Server software except for the Apache web server, which was discussed in the preceding paragraph.

Page 10 and 40: "Follow The Concept Of Least Privilege". This section recommends reducing the privileges of common system utilities such as configuration tools and script interpreters. Some of these utilities may be used by the VQE-S software and their permissions should not be modified.

Page 35, item 2: "Services and Port". All unnecessary services have been disabled on the shipped product. VQE customers should not normally need to disable any of the services that are enabled by default after the product is installed.

Page 36, item 2: "Permissions". Some VQE-S services require SUID/SGID permissions. The permissions of these files, along with every other VQE-S related file, should not be modified.

Page 37, "Core Dumps". The VQE-S stores crash related information in the core dump files. By removing the core file, valuable debugging information is discarded. Settings related to the creation and storage of core dumps should not be modified. Additionally, core dumps should only be removed after consultation with your Cisco Technical Support Contact.

Page 39, "Logs". The VQE-S uses a customized version of syslogd in order to log VQE related messages. Using a remote host to log syslog messages from the VQE-S is not supported at this time.

Page 39, "Chroot Environment". The VQE-S application requires a specific level of permissions and should not be set to run in a chroot environment.

Notices

The following notices pertain to this software license.

OpenSSL/Open SSL Project

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

This product includes software written by Tim Hudson (tjh@cryptsoft.com).

License Issues

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

OpenSSL License:

Copyright © 1998-2007 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS"' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay License:

Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.

This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".

The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)".

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].

GNU General Public License Information

Cisco CDA Visual Quality Experience Application (VQE), Release 3.1, includes Cisco-modified software derived from the following packages that are licensed under version 2 of the GNU General Public License (GPLv2):

irqbalance

logrotate

quagga

syslogd

Cisco will make the source code of these modified packages available upon request, in accordance with the terms of the GPLv2 license. Interested parties may obtain the source code by making a written request to:

Cisco Legal Department
300 E. Tasman Drive,
San Jose, California 95134

Please include the product name, version number, date of purchase, and specifics regarding the code you are requesting.

Related Documentation

Refer to the following documents for additional information about Cisco VQE and the Cisco CDE110 appliance:

Cisco CDA Visual Quality Experience Application User Guide, Release 3.1

http://www.cisco.com/en/US/docs/video/cds/cda/vqe/3_1/user/guide/vqe_userguide3_1.pdf

Cisco Content Delivery Engine 110 Hardware Installation Guide

http://www.cisco.com/en/US/docs/video/cds/cde/cde110/installation/guide/cde110_install.html

Regulatory Compliance and Safety Information for the Cisco Content Delivery Engine 110

http://www.cisco.com/en/US/docs/video/cds/cde/regulatory/compliance/cde110_rcsi.pdf

The entire Content Delivery Systems documentation suite is available on Cisco.com at:

http://www.cisco.com/en/US/products/ps7191/Products_Sub_Category_Home.html

The VQE Client (VQE-C) documentation is included in the VQE-C software TAR file. If you are a registered Cisco.com user, the file can be downloaded from the following location:

http://www.cisco.com/public/sw-center/content-delivery/cda.shtml

Table 11 lists the VQE Client documentation that is provided.

Table 11 VQE Client Documentation

VQE-C Document
Description

VQE-C Release Notes

Provides release-specific information for VQE-C.

VQE-C System Integration Reference

Provides information on VQE-C components, architecture, integration, and APIs. Also includes a VQE-C quick-start guide.

VQE-C System Configuration Guide

Explains certain factors to consider when configuring and deploying VQE-C. Also provides reference information on the VQE-C configuration file parameters.

VQE-C CLI Command Reference

Provides reference information on the VQE-C command-line interface.


Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.


This document is to be used in conjunction with the documents listed in the "Related Documentation" section.